Is Myanmar’s Military Behind Shadowy Cyber Attacks?

A new report suggests it is linked to attacks on independent media and the Thai government.

The Myanmar military was responsible for a series of cyber-attacks on pro-democracy media outlets near the time of last year’s historic election and has close ties with hackers who targeted websites belonging to the Thai government, an explosive new report has claimed.

A three-year investigation by Sweden-based cyber security firm Unleash Research Labs working to protect independent news outlets, including Democratic Voice of Burma (DVB) and The Irrawaddy, has identified the army as a key player in a string of defacements of media websites dating back to 2012.

There was a spike in attacks near the November election, which saw Aung San Suu Kyi’s National League for Democracy trounce its army-backed opponents in Myanmar’s first open election in decades, attributed to a group called “Union of Hacktivists”. The origins of these hacks have been tracked down to a secretive military-operated network hidden behind two firewall proxies.

According to the report, the network is run by the Defense Services Computer Directorate and uses Blue Coat technology, a controversial security system developed by a US firm known to have done business with the Myanmar junta.

“We can guarantee that [these] attacks originated from the army network, an infrastructure fully allocated to them without [the involvement of] any other type of organizations,” said Tord Lundstrom, Technical Director at Unleash Research Labs. “We can also confirm that the work was done during typical office hours and not from any student dormitories or during the night.”

The report identifies a number of individuals with close ties to the military as key instigators in Myanmar’s emerging “hacktivist” movement, which has flourished with the spread of internet access since the nominal end of dictatorship in 2011. Among the most prominent hacktivist networks is the Blink Hacker Group (BHG), which has claimed responsibility for numerous distributed denial-of-service (DDoS) attacks on DVB over its coverage of the persecuted Rohingya minority in western Myanmar.

The group also organized high-profile attacks on websites belonging to the Thai police in January 2016 under the guise of the global hacktivist network Anonymous. This was in retaliation for an unpopular court ruling that sentenced two Myanmar men to death for the murders of two British tourists in southern Thailand, stirring nationalist outrage across Myanmar. At the time, Myanmar’s army chief Min Aung Hlaing urged Thailand to “review the evidence” in an apparent display of support for the accused.

“Hacking groups in Myanmar operate with the silent consent and the infiltration of actors from [the military],” added Lundstrom, who has spent years monitoring Facebook and hacking forums where groups openly discuss and plan their next attacks. “It is time for Myanmar to openly address what openness and tolerance means on the Internet. It is unacceptable that youngsters are driven by hidden agendas to destroy digital infrastructure.”

A spokesperson for the government denied any involvement in the hacks and warned media groups against making unfounded accusations.

“Regarding the [media groups] that were allegedly hacked, they should go ahead and sue if they are sure about the allegation,” said Zaw Htay, director of President Thein Sein’s office. “If their allegation turns out to be groundless, then they will face the consequences.”

Under Myanmar law, defamation is a criminal offense punishable by up to two years in prison.

“We cannot verify these activist-style allegations made by a random internet site,” Zaw Htay added. “If I want to attack [the] DVB website, I wouldn’t use a computer in the president’s office to which it can be traced back”.

Myanmar’s “hacktivist” movement has become increasingly hostile towards media outlets covering ethnic conflicts in Rakhine and Kachin states. By June 2012, when clashes erupted between Buddhists and Rohingya Muslims in Rakhine state, hacking groups “were driven by a political agenda in perfect synchronization with the Myanmar Government,” said the report.

The report also accuses the military of coordinating fake cyber-attacks in order to advance its political goals. For example in December 2012, a series of websites were defaced in the name of the “Kachin Cyber Army” issuing threatening messages against the Myanmar media. But according to Lundstrom’s analysis those attacks were “constructed to serve the government political agenda of conflict escalation”.

One man identified as an instrumental member of several hacking groups, including BHG, is Thet Wai Phyo, who operates under the pseudonym Gtone. Once listed on Facebook as a military student living in Russia and according to the Myanmar Times trained at the Defense Services Academy (DSA) in Pyin Oo Lwin, Thet Wai Phyo has made the news for publicly accusing one of Suu Kyi’s political aides of being a British spy.

According to the report, he has been involved in planning numerous hacks targeting Myanmar media and runs the Myanmar Anonymous page on Facebook. He was one of the first individuals to openly call for a hacking movement devoted to defending Buddhism and has expressed vocal support for firebrand anti-Muslim monk Wirathu.

“Any one Burmese man who is crazy about technology is responsible to protect Theravada Buddhism,” he wrote in a hacking forum in May 2012, according to the report. “I would like to ask the [Myanmar Hacker Forum] to adopt this as its core principle.”

He did not respond to a request for comment.

Two other individuals linked to the online hacking community, Lynn Myat Aung and Myat Thu, are allegedly affiliated with the DSA. The former openly posted on BHG’s Facebook page encouraging its members to apply to the military academy. Aung Min Khant, a fighter pilot with the Myanmar armed forces, was identified as playing a leading role in the attacks on the Thai police force in January by posting hacking tools on Facebook. Myat Thu later posted a public statement on behalf of BHG justifying the attacks on Thailand and sharing 1GB of stolen data, said to the report.

When contacted for a response, Lynn Myat Aung denied knowing any members of Blink Hacker Group.

“I have joked around with so-called hackers on Facebook but I absolutely don’t know the BHG members,” he said, adding that while he admired the military academy he was never himself a cadet.

Myat Thu and Aung Min Khant did not respond to requests for comment.

Exiled media outlets covering Myanmar are no strangers to cyber-attacks. Coordinated assaults on DVB and The Irrawaddy have taken place during most major political events, including the last general election in November 2010 and the 2007 pro-democracy uprising. At the time, Myanmar’s internet was prohibitively expensive and the few available ISPs were controlled by the state. The military, which continues to wield significant political influence in Myanmar, has always denied responsibility.

“We consider this as not just an attack on DVB and a few other media, it is an attack on the freedom of the press,” said Aye Chan Naing, Executive Director and Chief Editor at DVB. “We hope the new government will be more transparent and will be on the side of the independent media in this kind of situation.”

Hanna Hindstrom is a freelance journalist, specializing in Burma and Southeast Asia. She has been reporting from the region since 2011.